Vulnerable adults

The GDPR is designed to protect everyone’s data, and special provisions are made for children and vulnerable adults.

Your Privacy Policy and any other documentation should be written in clear, plain language to make it easy for everyone, including children and adults with learning disabilities, to understand and give their consent. However, you may cater to people who, through more severe disability or illness, are not able to do so.

Most vulnerable adults or their companions will have approached the church for ministry, fellowship or pastoral care themselves, and you will be holding their data to make this possible. This would come under the lawful basis of Legitimate Interests for processing. For example, you could not make visits to someone at home without keeping a record of their address.

If the person’s carer, Power of Attorney or next of kin has already given their permission for you to store the vulnerable adult’s data, and the way in which you are going to use said data has not changed, you do not need to seek fresh consent. However, if you do not have a record of prior consent or your use of the data has changed, you will need to approach them to ask for permission just as you would with anyone else should Consent be the lawful basis.

You should make a clear note that consent was granted by proxy, which church official recorded it, and when. This consent should be revisited if the vulnerable adult’s situation changes.

GDPR Advice from iKnow ChurchPart of the UK’s leading Christian Software Company